Russian hackers infiltrated Podesta's email, security firm says

Hillary Clinton campaign chairman John Podesta’s Gmail account was hacked by the same Russian intelligence-linked hackers that breached the DNC and the DCCC, researchers confirmed Thursday, spurring Clinton's team to immediately lash out at Donald Trump over his ongoing reluctance to blame Moscow for the spate of election-related hacks.

The GOP nominee is now President Vladimir Putin's "puppet," said Clinton's top foreign policy adviser Jake Sullivan, who added that the latest findings are proof that the Kremlin "is trying to help Donald Trump."

Story Continued Below

"It's time for Trump to tell the American people what he knew about these hacks and when he knew it," Sullivan said.

Trump has repeatedly declined to directly blame Russia for the election season hacks that have targeted political organizations and senior officials.

"She has no idea whether it's Russia, China or anyone else,” Trump said during Wednesday’s debate.

But based on new information, it now seems clear that Podesta unwittingly gave Russian hackers access to his Gmail account by clicking a Bitly link that redirected him to a fake Google login page, where he entered his credentials.

According to the cybersecurity firm SecureWorks, the fake Google domain in that link — first reported Thursday by Motherboard — matches one the hacker group Fancy Bear has employed in a wide-ranging spear-phishing campaign that has also targeted major U.S. political institutions, Clinton campaign figures and other top officials.

“The Google-spoofing domain in the Motherboard article is one we observed used by Fancy Bear,” SecureWorks researcher Tom Finney told POLITICO in an email.

Security researchers have long tied Fancy Bear to Russia's military intelligence agency, the GRU.

The Obama administration recently took the unprecedented step of blaming senior Russian officials for orchestrating the series of digital break-ins at the DNC and DCCC, but has not yet officially accused Moscow of being behind the Podesta hack.

Motherboard’s story included a redacted screenshot of the malicious Bitly link’s analytics page that showed the Podesta link redirecting to Fancy Bear’s fake Google domain. POLITICO independently reviewed the Bitly link’s analytics page and confirmed with SecureWorks that the domains matched.

Over time, Fancy Bear has relied on an IP address to host several fake Google domains, including the one used to target Podesta and another to go after Clinton staffer William Rinehart. Finney confirmed that SecureWorks had found another Bitly link made for Rinehart.

Thomas Rid, a security professor at King's College London, published a comprehensive overview Thursday of Russia’s recent cyberattack campaign.